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APPARATUS AND METHOD FOR PERSONAL IDENTIFICATION 

BACKGROUND OF THE INVENTION 
Field of the Invention 
The U.S. government has a paid-up license in this 
invention and the right in limited circumstances to 
require the patent owner to license others on reasonable 
terms as provided for by the terms of contract No. 
DE-AC06-87RL10930 award by the United States Department of 
Energy . 

This invention relates generally to means for gaining 
access to controlled areas, but more particularly, to card 
systems for gaining access to secured buildings and facil- 
ities or to secured computer systems. This invention has 
broad applications in systems where bank cards, credit 
cards, or other types of plastic cards are used to gain 
access to automated financial transaction systems, and 
also to computer controlled systems where plastic cards 
are used for entering and leaving controlled buildings or 
other types of facilities. This invention also relates to 
applications where access to the information stored on the 
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card is restricted by a security system. Traditionally, 
these cards have a coded magnetic strip that allows the 
user to pass the strip through a reader which authorizes 
the user to gain access to the computer controlled system. 
Early versions of these basic systems allowed any holder 
of the card to gain entry to the system regardless of 
whether the holder was an authorized user or not. Later, 
these basic systems were supplemented with an additional 
identification means such as a PIN number or a password 
that had been previously stored in the computer memory. 
The holder of the card had to enter the identification 
into the system to prove he waB an authorized user. These 
systems proved to be ineffective because the authorized 
user oftentimes forgot the password or PIN number and, in 
15 some cases, the PIN number and password were obtained by 
duress or theft or some other unauthorized means. 

Then, systems were developed where a personal physi- 
cal trait was actually stored on the card. These physical 
traits could be handwriting samples, photographs, or 
20 fingerprints. In these type systems, the personal trait 
that was stored on the identification card was also stored 
in a computer memory bank. When the user attempted to 
gain access to the secured system, the user would input 
the card to a reader or scanner that read the digitized 
25 personal information trait from the card and inputted it 
into the main computer memory bank. The main computer 
would then retrieve the stored information from its memory 
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bank and make a comparison of the information inputted 
from the reader. If the personal physical traits read on 
the card matched the personal traits stored in the main 
computer, then the user was authorized to gain access to 
the system. However, if there was not a match, then the 
user was denied access to the system. Such systems were 
disclosed in U.S. patent no. 5,214,699, issued May 25, 
1993, to Midora Monroe, et al. See also U.S. patent no. 
4,636,622, issued to Clemet Clark, on January 13, 1987. 
These systems were typical of systems that used identifi- 
cation cards to gain access to controlled areas or compu- 
ter systems. 

However, even these systems had major drawbacks. 
When personal identification traits and identities were 
stored in a centralized database where there were many, 
many users, databases of enormous size and expense were 
required. Inordinate delays were usually encountered when 
many users tried to gain access to the system simulta- 
neously. They also require extensive communication 
between the remote access points and the central database. 

Accordingly, other systems have been developed which 
require the user to place his personal identification card 
in a reader and then re-enter his personal identification 
trait in a real time on-line scanner. For instance, when 
a personal identification trait is a picture, a camera, 
located at the remote site, re-enters the user's picture 
into the system for comparison. Other systems may have 
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fingerprint scanners to read actual fingerprints or voice 
scanners compare actual voices with voiceprints stored on 
the identification cards. In these systems, the informa- 
tion read from the on-line scanner is fed to a main compu- 
ter along with the information read from the identifica- 
tion card and a comparison is then made. If there is a 
match, then the user is allowed access to the system. 
These types of systems are disc loaed in U.S. patent no. 
4,993,068, issued to Gerald Piosenka, et al., and U.S. 
patent no. 5,229,764, issued to Noel Matchett, et al. See 
also U.S. patent no. 5,191,608, issued March 2, 1993, to 
Francois Geronimi wherein a secret code is coded in the 
microprocessor of the identification card which must be 
matched before the card is operational by the user. 
15 However, these systems also have a major drawback. 

That is, they allow the personal trait information stored 
on the card to be read by an unknown or unfriendly compu- 
ter. This type of technique compromises the security of 

the overall system. 

It is an object of this invention to provide an 
identification card or smart card for use with an identi- 
fication and access system wherein the personal identifi- 
cation trait stored on the smart card cannot be obtained 
by unauthorized users. 
25 It is also an object to provide a system which may be 

used by numerous users without requiring a large central- 
ized database. It is a still further object of this 
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invention to provide a multipurpose smart card which 
allows the user to gain access to a variety of different 
facilities or computer systems. 

It is a further object of this invention to maintain 
secret information in the card that will not be released 
until the card holder proves his identity to the card. In 
all cases the identity verification takes place in the 
card . 

Summar y of th e Invention 
There is provided by this invention a portable 
device, preferably a personal identification card or smart 
card which contains a microprocessor with means for stor- 
ing personal identification traits such as fingerprints, 
hand geometry, voiceprints, etc., in the memory of the 
15 microcomputer; biometric detection means such as a reader 
comprising a means for reading digiti2ed data of personal 
identification traits template received from an external 
scanner; and means for comparing the inputted personal 
Identification traits from the external scanner with the 
20 personal identification traits stored in programmable 
memory of the microprocessor. Upon obtaining a match of 
the stored personal identification traits and the scanned 
identification traits, the smart card allows access to a 
secured facility or computer system or the smart card it- 
25 self. The smart card also contains security features 
which prevent any information from being inputted to the 
microprocessor from unauthorized computers. 
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nr-icf naacrl r*- j 23 of the Drawings 
Figure 1 is a simplified block diagram of the smart 
card interfacing with a computer system in accordance with 
the principles of this invention? 
5 Figure 2 is a block diagram of the architecture of 

the microprocessor utilized on the smart card in accor- 
dance with the principles of this invention; and 

Figure 3 is a flow chart illustrating the method of 
operation of the smart card in accordance with the princi- 
10 pies of this invention. 

a^o f noffcriotl^ n greferrej Embodiment 
There is shown in Figure 1 a personal identification 
system shown indicated generally at 10 that allows a user 
to gain access to controlled facilities or areas, or con- 
15 trolled computer system files in the smart card micro- 
processor. A person attempting to gain access to the sys- 
tem must have a user card 12 which may be a commonly used 
plastic card such as a credit card or other identification 
card which has contained therein a microprocessor general- 
ly referred to as 14. The user must connect the micro- 
processor to a computer system interface 16 by connecting 
serial communication, power, reset, and timing signal 
lines not shown but well known to those skilled in the art 
that allows the microprocessor and the computer system 
interface to communicate. The computer system interface 
is usually at a remote site so it is accessible to the 
user and is connected to a computer system not shown. 
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Also at the remote site is a biometric scanner 18 that is 
connected to the computer system interface 16 so that the 
microprocessor 14 and the biometric scanner 18 can pass 
information. The biometric scanner 18 may be any number 
of scanners well known in the art such as fingerprint 
scanners, voiceprint digitizers, hand geometry scanners, 
etc. Once the microprocessor 14 is connected to the com- 
puter system interface 16, the system will prompt the user 
to input information into the biometric scanner 18 for 
comparison in a manner hereinafter described. 

Referring to Figure 2, there is shown a block diagram 
of the architecture of the microprocessor 14. Connected 
to the internal bus 20 are addressing logic circuits 22 
a nd control and test registers 24 for the erasable, pro- 
grammable read only memory (EPROM) or similar device 26 
and the electrical erasable programmable read only memory 
(EEPROM) or similar device 28 which contains the templates 
for the biometric identification information and compari- 
son and update codes. Also connected is an application 
read only memory (ROM) or similar device 30 and a data 
random access memory (RAM) 32. A CPU 34 is utilised to 
make the comparisons between the biometric template store 
and the biometric template input in a manner that will be 
hereinafter described. Finally, the microprocessor con- 
tains an input/output interface 36 and security logic con- 
trol 38. 
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Although this system will work with any biometric 
identity verification trait, such as voiceprints or 
fingerprints, in the present invention hand geometry bio- 
metric information is used. When the card is issued to 
the user, a hand geometry template of the user is made, 
the information is digitized and inputted into the 
EEPROM 28. The microprocessor is programmed to make 
partial updates of the hand geometry template stored in 
the card. The template update accounts for subtle hand 
changes (e.g., fingernail growth and weight gain). The 
security logic circuits of the microprocessor protects the 
template and requires terminal verification before 
processing any International Organization for Standardiza- 
tion format command. The program maintains template 
15 integrity using an error detection code and an invalid 

access attempt count. 

Figure 3 illustrates a flow chart that demonstrates 
the method of operation during identification of the user. 
When the card user inserts the card 12 into the computer 
system interface 16 and the microprocessor 14 is connected 
within the computer interface, the computer system inter- 
face challenges the user card to authenticate itself with 
a randomly generated security code. if the proper 
response is computed, the card is authenticated. If not, 
the computer system stops and the user is denied access. 
The system then prompts the user to place his hand in the 
hand scanner and a hand template is digitized by the hand 
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scanner 18. However, before this information is processed 
by the user card 12, the user card authenticates the 
terminal by challenging the terminal with a randomly 
generated security code. If the terminal security code is 
present, the template is made available to the user 
card 12. If it is not available, the system stops and the 
user is denied access. Once the hand template is avail- 
able and the retry count has not been exceeded, the card 
requests that the hand template be sent to the card. The 
system denies access if the identity is unknown and the 
retry count is exceeded. The smart card then temporarily 
stores the hand template in the random access memory 
(RAM) 32 and retrieves the pre-stored hand template from 
the ( EEPROM) 28. An algorithm stored for making a corapar- 
15 ison is then used by the CPU 34 to compare the previously 
stored hand template with the hand template received from 
the scanner 18. The hand geometry comparison and update 
algorithm allows an update to be made to the stored tem- 
plate when a predetermined maximum score is made as a 
20 result of the comparison. The updated template then is 
stored and becomes the new stored template for comparisons 
for future entry attempts. When the computer system 
interface requests the results from the card, the holder 
is either identified and the user is granted access by the 
25 system or to the card, or the holder is not identified and 
the system denies access. 
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It can be readily seen that there is provided by this 
invention a novel, personal identification system wherein 
a personal identification card (smart card) has stored 
therein on a microprocessor system a template of biometric 
identification traits, such as hand geometry, which is 
protected from unauthorized or unfriendly computers by a 
security logic system. Once a computer system has been 
authenticated, then the smart card prompts the computer 
system to request a hand geometry scan which is digitized 
and sent to the smart card. Hand geometry algorithms and 
update algorithms stored in the smart card are compared 
with the hand geometry scan. Thus, every individual user 
of the system who has a smart card carries his template in 
his own microprocessor and relieves the main computer sys- 
tem from requiring excessive and expensive data storage 
space when there may be many thousands of potential users. 

This invention provides a smart card where the bio- 
metric comparison occurs in the microprocessor of the 
smart card. 

Although there has been illustrated and described 
specific detail and structure of operation, it is clearly 
understood that the same were merely for purposes of illus- 
tration and that changes and modifications may be readily 
made therein by those skilled in the art without departing 
> from the spirit and the scope of this invention. 



WO 98/13791 



PCT/US96/I5509 



11 

What is claimed is: 

1. A personal identification system for controlling 
access to a protected system, comprising t 

a) a portable device containing a microproces- 
sor means disposed to be inputted into a computer system 

5 interface means for controlling access to the secure area 

or computer system; 

b) biometric reader means connected to the 
computer system interface means for detecting personal 
trait characteristics of an individual seeking access and 

10 producing a digitized output of the personal trait charac- 
teristics; 

c) programmable memory means within the micro- 
processor means for storing previously recorded biometric 
personal trait characteristics; 

15 d) comparative means within the microprocessor 

means for comparing the previously stored personal trait 
characteristics in the programmable memory means with the 
output of the biometric detection means for verifying the 
identity of the individual seeking access; 
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e) output means within the microprocessor 
means for producing an output signal resulting from the 
comparison made in the comparative means to the computer 
interface means for enabling or disabling access of the 
individual to the secured areas or computer system; and 

f) security means within the microprocessor 
means wherein access to the personal trait characteristics 
is protected and restricted. 

2. A personal identification system as recited in 
Claim 1 wherein the portable device is a card. 

3. A personal identification system as recited in 
Claim 2 wherein the card is plastic. 

4. A personal identification system as recited in 
Claim 3 wherein the biometric detection means is comprised 
of a scanner for digitizing the hand geometry of the 

individual seeking access. 

5. A personal identification system as recited in 
Claim 4 wherein the biometric detection means is a 
receiver for digitizing voiceprints of the individual 

seeking access. 

6. A personal identification system as recited in 
Claim 5 wherein the programmable memory means updates the 
previously recorded personal trait characteristics with 
the digitized output of the biometric detection means. 

7. A personal identification system as recited in 
Claim 6 wherein the protected system is a controlled area 
or facility. 
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8. A personal identification system as recited in 
Claim 7 wherein the protected system is a computer system. 

9. A portable device for accessing a protected sys- 
tem by the user, comprising a microprocessor wherein the 

5 microprocessor means is further comprised oft 

a) a programmable memory means for storing 
previously recorded personal trait characteristics? 

b) means for storing personal trait comparison 
algorithms and personal trait update algorithms? 

l0 c) computing means for utilizing the personal 

trait comparison algorithms for comparing personal trait 
characteristics inputted into the microprocessor means 
with the previously recorded personal trait 
characteristics stored in the programmable memory means? 
15 d) update means for updating the personal 

trait characteristics previously recorded stored in the 
programmable memory means with the personal trait charac- 
teristics inputted into the microprocessor means? 

e) output means for producing an output signal 
20 based upon the comparison made in the computing means 
between the personal trait characteristics previously 
recorded and a personal trait characteristic inputted into 
the microprocessor means to verify the identity of the 
user? and 

25 £) security means within the microprocessor 

means wherein access to the personal trait characteristics 
is protected and restricted. 
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10. A method of controlling access to a protected 
system by an individual, consisting of the steps of: 

providing portable storage means for storing 
personal trait characteristics of an individual; 
5 verifying the portable device upon input to the 

protected system; 

verifying the protected system by the portable 

device; 

measuring personal trait characteristics of the 
10 individual seeking access and inputting the personal trait 
characteristics into the portable device; 

comparing the personal trait characteristics 
inputted into the portable device with the personal trait 
characteristics previously stored in the portable device 
15 for determining the identity of the user; and 

signaling the protected system to enable or dis- 
able access by the individual based upon the comparisons 
made. 

11. A method for controlling access to a protected 
20 system as recited in Claim 10 further comprising a step of 

updating the personal trait characteristics stored in the 
portable device by the personal trait characteristics 
measured and inputted into the portable device. 

12. A method for controlling access to a protected 
25 system as recited in Claim 11 wherein the portable device 

is comprised of a card having a microprocessor attached 
thereto. 
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13. A method for controlling access to a protected 
system as recited in Claim 12 wherein the card is plastic. 

14. a method for controlling access to a protected 
system as recited in Claim 13 wherein the protected system 
is a secure area or facility. 

15. A method for controlling access to a protected 
system as recited in Claim 14 wherein the protected system 
is a computer system. 
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